Microsoft unveils cloud-based AI cybersecurity tools

Microsoft launched two cloud-based security tools, Azure Sentinel and Threat Experts, which use artificial intelligence to help security professionals respond to immediate threats more quickly.

Why It Matters

Azure Sentinel is designed to pull in large amounts of data from other cloud-based services — Microsoft is billing the platform as a “cloud-native Security Information and Event Management tool.”

Sentinel lets users connect to and collect data from all sources including applications, servers, and devices running on-premises or in the cloud.

The platform can also integrate with existing tools, whether business applications, other security products, or home grown tools, and users can add their own machine-learning models, as well as tailored detections, machine learning models and threat intelligence, the company said.

Microsoft touts the AI’s abilities to reduce noise from legitimate events with built-in machine learning and knowledge based on analyzing trillions of signals daily.

The platform claims to also accelerate proactive threat hunting with pre-built queries based on years of security experience, and lets users view a prioritized list of alerts, get correlated analysis of thousands of security events, and visualize the scope of each attack.

Meanwhile, integrated automation and orchestration of common tasks and workflows is aimed at simplifying security operations and speeding threat response.

In addition, Azure Sentinel supports open standards such as Common Event Format and broad partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto and Symantec, as well as broader ecosystem partners such as ServiceNow.

The second release, Threat Experts, is a new service within Windows Defender ATP providing managed hunting to help extend the capability of an organization’s security operations center team.

Through this service, Microsoft pores over anonymized security data for the most important threats, including hands-on-keyboard attacks and human adversary intrusions, as well as advanced attacks like cyber espionage.

The service helps an organization’s security team prioritize the most important risks and respond, as well as offering an “Ask a Threat Expert” button, whereby the security operations team can submit questions directly in the product console.

On The Record

“After using Microsoft Azure Sentinel for six months, it has become a go-to resource every morning,” Corey McGarry, senior technical specialist of enterprise operations at Tolko Industries, said in a Microsoft blog post. “We get a clear visual of what’s happening across our network without having to check all our systems and dashboards individually.”

Microsoft corporate vice president for the cybersecurity solutions group Ann Johnson, wrote on the company’s official blog: “Cybersecurity is about people. The frontline defenders who stand between the promise of digital transformation and the daily reality of cyber-attacks need our help.”